Version
Cb Defense (formerly Confer) - All
Topic
This document describes how to collect logs to troubleshoot Splunk SIEM Connector issues.
Splunk SIEM Connector Troubleshooting
Note:
Support does not normally ask the customer to do this, but if a System Admin can make the change below and provide the resulting logs, it will speed up troubleshooting.
Linux SIEM Connector:
Debug Log:
In the connector script
/opt/splunk/etc/apps/confer_connector/bin/confer_connector.py
change
DEBUG_MODE = False
to
DEBUG_MODE = True
Note:
The SPLUNK_HOME environment variable is normally set to:
/opt/splunk
The log files are located in:
Confer Connector log file
$SPLUNK_HOME/var/log/splunk/confer_connector.log
Cb Defense Add-On for Splunk log file
$SPLUNK_HOME/var/log/splunk/ta-cb_defense_cbdefense_XXXX.log, plus its rotated copies ta-cb_defense_cbdefense_XXXX.log.1, ta-cb_defense_cbdefense_XXXX.log.2, etc.
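The Linux steps above can be scripted so the change is reversible and the right files reach support in one bundle. The following is an added example, not Carbon Black's or Splunk's own tooling: it flips DEBUG_MODE in confer_connector.py while keeping a .bak copy, reports the current value, and archives confer_connector.log together with every rotated ta-cb_defense_cbdefense_*.log* file. The only assumptions are the paths given in this article (SPLUNK_HOME defaulting to /opt/splunk); the function names and the archive location under /tmp are this example's own choices.

```shell
#!/bin/sh
# Added example (not part of the Cb Defense connector or the Splunk add-on).
# Enables connector debug logging and bundles the connector/add-on logs for support.
# SPLUNK_HOME defaults to /opt/splunk, as the article states.

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# Change "DEBUG_MODE = False" to "DEBUG_MODE = True" in the connector script.
# A .bak copy is kept so the change can be reverted when troubleshooting is done.
# Usage: enable_debug_mode /opt/splunk/etc/apps/confer_connector/bin/confer_connector.py
enable_debug_mode() {
    script="$1"
    [ -f "$script" ] || { echo "not found: $script" >&2; return 1; }
    cp "$script" "$script.bak" || return 1
    # Only the assignment line is touched; the rest of the script is copied as-is.
    sed 's/^DEBUG_MODE *= *False *$/DEBUG_MODE = True/' "$script.bak" > "$script" || return 1
    # Fail loudly if the line was not found in the expected form.
    grep -q '^DEBUG_MODE = True' "$script"
}

# Print the current DEBUG_MODE value (True or False) from the connector script.
debug_mode_value() {
    sed -n 's/^DEBUG_MODE *= *\([A-Za-z]*\).*/\1/p' "$1"
}

# Bundle confer_connector.log and the rotated ta-cb_defense_cbdefense_*.log* files
# into a gzipped tarball and print its path. Returns 1 if no log files exist.
# Usage: collect_logs [log_dir] [output.tar.gz]
collect_logs() {
    log_dir="${1:-$SPLUNK_HOME/var/log/splunk}"
    out="${2:-/tmp/cb_siem_connector_logs_$(date +%Y%m%d%H%M%S).tar.gz}"
    # tar runs from inside log_dir, so make a relative output path absolute first.
    case "$out" in /*) ;; *) out="$PWD/$out" ;; esac
    files=""
    for f in "$log_dir"/confer_connector.log "$log_dir"/ta-cb_defense_cbdefense_*.log*; do
        [ -f "$f" ] && files="$files $(basename "$f")"
    done
    [ -n "$files" ] || { echo "no connector logs found in $log_dir" >&2; return 1; }
    # shellcheck disable=SC2086  # word splitting of $files is intended here
    (cd "$log_dir" && tar czf "$out" $files) || return 1
    echo "$out"
}
```

Run enable_debug_mode, restart the Splunk input that drives the connector so the new setting is read, reproduce the problem, and then run collect_logs and send the printed archive to support. Restore the .bak copy afterwards so the connector does not keep writing debug output in production.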
Windows SIEM Connector:
The log level is set to Info by default. In the connector script that you downloaded, change
LOG_LEVEL=Info
to
LOG_LEVEL=Verbose
to obtain more verbose connector logs.
The log file is located in:
%WINDOWS_TEMP%\confer_connector.log